> On Nov 1, 2007 3:46 PM, Kris Zyp <[EMAIL PROTECTED]> wrote:
>> >> It's a sandbox, right? Should be safe. Not so fast:
>>
>> > last they gave up. rexec was removed from the language.
With the complexity of creating and verifing a sandboxing eval that allows
shared mutable objects with some degree of safety, is it conceivable that
ES4 could alternately pursue sandboxed eval through a shared nothing
construct? I remember that Brendan mentioned that Google Gears approach is a
good model, but that it would be premature to standardize. I agree
standardizing on the actual Gears API would be strange, however, wouldn't
taking a shared nothing approach to sandboxing (using messaging) like gears
(but with our own API) be a safer and easier to analyze approach to
sandboxing and more reasonable in terms of time constraints for inclusion in
ES4 than the scopable eval? Shared nothing techniques are hardly a new PL
concept, albiet I am sure it is still not a trivial addition.
Just thinking about what it could look like:
mySandbox = new Environment(myScriptToSandbox);
onmessage=function(message : string) {...}
mySandbox.sendMessage("start");
And of course, it seems hard to resist the temptation to entertain the hope
that this could be a possible API for adventurous implementors to use for a
concurrency construct (use the same API for ConcurrentEnvironment), which
could advise ES5's work on concurrency.
Kris
_______________________________________________
Es4-discuss mailing list
Es4-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es4-discuss
